Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Remote user and IIS as reverse proxy 
Hi Albert,

I think I know what you want to do. You want to use Windows Single-Sign-On with your application. And want IIS do all the authentication stuff. 

This is possible, but a little bit tricky. You need some 3rd party IIS plugins and some configuration. IIS will then give your application the Username of the authenticated user using a Header-Field.

For future information you can look here:

https://support.infrasightlabs.com/article/single-sign-on-iis-as-sso-reverse-proxy-for-vscope/

I was able to implement this for our application (running on a Tomcat), but it is a mess. You need to use setspn to allow the server running IIS to use Kerberos; That can only be done by a domain admin. And so on. So you can not really debug this on your dev system.

If in any way possible you should rather use AzureAD, that’s way easier to implement and there are even java samples from Microsoft. 

As Joakim said, this all has nothing to do with Jetty. 

Best regards,

Emmeran

> Am 22.04.2022 um 23:14 schrieb Albert Kühner <albert.kuehner@xxxxxx>:
> 
> Hi.
> 
> I managed to forward request to Jetty but I also need the username from Windows authentication with the IIS in Jetty.
>  
> I used the AJP module but it has been discontinued so do you know a way to integrate the newest Jetty with Windows authentification information?
>  
> Thanks.
>  
> Cheers,
> Albert
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Mit freundlichen Grüßen aus Augsburg

Emmeran Seehuber
Dipl. Inf. (FH)
Schrannenstraße 8
86150 Augsburg
USt-IdNr.: DE266070804

Back to the top